Analysis

  • max time kernel
    149s
  • max time network
    141s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20241023-en
  • resource tags
    arch:x64, arch:x86, image:win10ltsc2021-20241023-en, locale:en-us, os:windows10-ltsc 2021-x64, system
  • submitted
    12-11-2024 18:44

General

  • Target

    https://32.brivorix.com/BEONv/

Score
6/10

Signatures

  • Legitimate hosting services abused for malware hosting/C2 (1 TTPs, 3 IoCs)
  • Drops file in Windows directory (1 IoCs)
  • Browser Information Discovery (1 TTPs): enumerate browser information.
  • Enumerates system info in registry (2 TTPs, 3 IoCs)
  • Modifies data under HKEY_USERS (2 IoCs)
  • Suspicious behavior: EnumeratesProcesses (6 IoCs)
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
  • Suspicious use of AdjustPrivilegeToken (64 IoCs)
  • Suspicious use of FindShellTrayWindow (26 IoCs)
  • Suspicious use of SendNotifyMessage (24 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4880, top-level)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://32.brivorix.com/BEONv/
    Signatures: Drops file in Windows directory; Enumerates system info in registry; Modifies data under HKEY_USERS; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
    Child processes (all C:\Program Files\Google\Chrome\Application\chrome.exe):
    • PID 628: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ff8b8bbcc40,0x7ff8b8bbcc4c,0x7ff8b8bbcc58
    • PID 1088: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2004,i,14838226142733776081,17320545929945994078,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2000 /prefetch:2
    • PID 2224: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1828,i,14838226142733776081,17320545929945994078,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2120 /prefetch:3
    • PID 4220: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2308,i,14838226142733776081,17320545929945994078,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2344 /prefetch:8
    • PID 1280: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,14838226142733776081,17320545929945994078,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3168 /prefetch:1
    • PID 4152: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3136,i,14838226142733776081,17320545929945994078,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3192 /prefetch:1
    • PID 3208: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4592,i,14838226142733776081,17320545929945994078,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4720 /prefetch:8
    • PID 2540: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4580,i,14838226142733776081,17320545929945994078,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3652 /prefetch:1
    • PID 2344: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1092,i,14838226142733776081,17320545929945994078,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=500 /prefetch:8
      Signatures: Suspicious behavior: EnumeratesProcesses
  • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe (PID 776, top-level)
    Command line: "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
  • C:\Windows\system32\svchost.exe (PID 2568, top-level)
    Command line: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

Downloads

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
    Filesize: 649B
    MD5: 2006cfaacd988a8099448d3904bf1f4a
    SHA1: a38c7c1328cbb528c7b3b8887d40208b313d30d3
    SHA256: e0539c94e66b75280105e4d989558e240a4239fad5919281f344a73f65f363bf
    SHA512: 511d9b8a40a8c21db742b30bf2f9c57b02b3c9b34bbd2639485e455ec4d85e0aa7a876fdc21190b67b72201df72fc253d206b2297f45d406b6001aa12280461e

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index
    Filesize: 120B
    MD5: bb3b890e4989e84a6f5bf877822f75ed
    SHA1: 258199d63f6ab45347f3dd39c2494a85087c7647
    SHA256: d1efa7ada7a33f5957c7551a15380edb021403a3adb3acceb5ff3d5fefb381fd
    SHA512: bea02389a02ce232d7c9327ffc32f9fc11dd46dcbfc4eb0ce4bbd949b98529fb59b2b0ed94fafc85e09dc9daa1171a357a9b1becf0cd6ef1f95da76c6166dcae

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize: 1008B
    MD5: 4fca6bf323120e29de0bf70c7e8d5b43
    SHA1: f18d89aac602e72af79041383546b6506584a170
    SHA256: fd22db2d5ce6f09131514756b62e08affe7ac49247b8488c72de83ff14183dd3
    SHA512: a716fdd7b0cf650adfe869645ec34a0e3987ff988e829d4f40059e1dcc3407a923b3eaeb727bd88a100fc81acdb0593529a47e366ab450100c25a52115cb3223

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize: 7KB
    MD5: 860937b0775fc904fdbd9bc4ba905edf
    SHA1: 689ca23cfe38649ee580200dbfcf0c9e2860101c
    SHA256: e21f8d269f64eb405d38dad8c38df3ae9378412a0ccae8792672971f5d0455d7
    SHA512: 62f88d40e93f7c106383f9dd73883aeab9ab4899f48d7631118408d7adf7106fe9242d6afd43f1b2591139f1eea96c3a9f6505fa125d9d761b52d567029b7e7c

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
    Filesize: 2B
    MD5: d751713988987e9331980363e24189ce
    SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
    SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
    SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 1KB
    MD5: 6878847026d162d32d5eb09f417983b0
    SHA1: f0cdf9978666d64a499ed619f67ecfbd87a9bb93
    SHA256: 66d5d3764ad70c7373f74c59c00425d64da4d1ab574fb40596f810b3e2db9d22
    SHA512: afe8ea44af34a34264cf22f642c105252947186cbcbb97580a28378efb117f31a719c61b48c33723e1acba3c0278c92e75a8b0e090b0a70c7984ff18c0ee33e3

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 9KB
    MD5: d9978e4371e237a8c309ffefd46a3abc
    SHA1: f4607a231c9b891ca98051d8873de3a3072ad25f
    SHA256: eda51d205c5392609e2d6d0015bd3d963693c194d35f05569c46550f5397b501
    SHA512: d8306091b7c1b1788a6152121715d560f3e832d4dbe38c5f4f97c709b4e304cd8cb8901418558b740785ae066424f39f876fb6d70c729dddfd432e5fe3f9bcb0

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 9KB
    MD5: d0b0012af467a8e6f71e5bc580bd7fca
    SHA1: 36293fdbecb3c4bfda8c3ade13b147e023c69d34
    SHA256: 17bef774ccb91c84316ab4f07dfaf4df8e9dd6719b130df216b007bd1372982d
    SHA512: f456cd5286c1a15b0e9b1c360f18105da9a43bc23738d926e4c5836b0621255d02f6596dc03e29f25bb6e8b0d0209aab3ef52e256a485316cf5885277448ea1c

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 10KB
    MD5: db7ce305bc003e9246ddf0e15aa91ef3
    SHA1: d770e17cfbb77b2dce5bc501c40edfc53353a91b
    SHA256: 648b19582d08183a3a2331704a971bcc57fe5e6c5481e59e0c32a0c04fb33dcb
    SHA512: 3bb90b2f7f5f0bcef079445dc0969153fa55ddea98cd876eb31d951a8cb9fb70b414dc29284f97eb0acf9e0d98483d8c391ecf1d5c932dcbac7256443a7655fe

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 10KB
    MD5: 376215ed74cf3b54b64bb74bfa320e8c
    SHA1: 129cd01214804783f3fc9d1a1f69601feb0b6fc8
    SHA256: 4803589427b09bd57f5e716050d5a1f48f66fc81af695338c9c81171049c9b05
    SHA512: d107d49e36734d6249e59da61d4a4928ee8c9834441d3f7ed8484a2f3b402c5d296a5043b81fa1f15431328afd0b23b0434ce4c1eed9c3724677955c387de8e2

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 10KB
    MD5: d31915ff60115947900d8df0259344b9
    SHA1: ed1ce388408e948320c784d11cfbb3a746ffc821
    SHA256: 26546d79825df44874015bad19333ce4e3efee9d03d1f0de37f4141b97ae3a71
    SHA512: 8700c2562ae7af7b0fbb0a9881160c76cd7915a2e55d184939be59cdca024f86e75aa97f700d0bbe3fe09a5c9589cad1b354b4c1c7cd686cfa66439b89637c24

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 9KB
    MD5: a26ea191dd3c9f8839e40837beacf41d
    SHA1: ea6ca11b4384a92afdd7474014964a8ff50483b9
    SHA256: 5b00085b4795744f9eae3b40bdf8be32faac40bc29203c2e1a43643b939b6781
    SHA512: 25d47321d6f09e39ca1f208d1e8c91971693f5b5f0ecad9d989997842b690589d4ca07903c72b086fd92dcac57b940ac736eedffcb358c982162d4d5bceddb82

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 10KB
    MD5: 9aa4bd2a5d4909193d7f232ee1cf55a1
    SHA1: 69e48691507a210a3100fbfa58e75a4f024a1f18
    SHA256: 80c8b42b40ca441d7fae01bbe38f353effd984ed54b0c8fbda24c3f481589644
    SHA512: 46a7cf4ca5bff9fe5872e5f2da5ba914ae52d327603370e1082f7250b222e7f935024b8835a7be5773f8180b99b0a4525800291b9fbe003b9c21d8638e4495fb

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 10KB
    MD5: 5f662717e5cbc85521ad0d17d15f216c
    SHA1: 0e54376112035f777165ac9e9b0b9a435edd294c
    SHA256: 43b8c5633eb08fcded04c8ee3ec50ef2e92941e1cd7a40ecad418c9ebe066ea1
    SHA512: 36bdfc2883039af43d104135c20cd3cffaa7f6f9ce3d155ad2ad1cbd7069f5a21302c573f80b724d4f18b65f4d84567dcb46934197ace79804baa58edd2cf8a7

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 10KB
    MD5: 7cc8daecbf0645de0c2da9ef34aababb
    SHA1: 0ab2415a36874d9dfd6e917b3e0c1fc7306ecb94
    SHA256: 43ea3bcecd7e04f120c500a3401e549e00825cca218a75acb0aabc276ae4cf45
    SHA512: c4ca0fbfa3c0a565c771661a9125443855b96e845badf3aed0432ffd513bd5a8f3e3019934517eef2e65192efbceafed03a37bb4ec332de217b233989e248f13

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 118KB
    MD5: c8c6c87603c5918c1a7d0b21822b674a
    SHA1: f18604a956ce10b6e73ea7ebb2ed7cd957188940
    SHA256: 9673eecdf2e9759a4b22e349e9c48a92b80d568f2cb6d3d1fae31a36043b1684
    SHA512: 2f2ca4970064874405b3c8ef1901fecbb7ac8fc645ea1ba982e919ad0048676a20077b53aa3f40a406881373c896c5eca08a6ada33cfb4a530f542d552923265

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 118KB
    MD5: e9454b870c0e924c638178b2e2b4a31f
    SHA1: b83322455082768b3b1de8882449b6a0551c18a4
    SHA256: 8b29954d081923a4872661279e66602171da1b6ba93f0391e763a39657804656
    SHA512: 1127bbfb2ea3905255bb883644603564ae7d9f32a0afbc11cad783ea6b7a3f03e55948237ba853d3524de30e8defcf2979351946f2a4d82ab1f37bbe610a556a

  • \??\pipe\crashpad_4880_NFEBVRVCHYKILVNO
    MD5: d41d8cd98f00b204e9800998ecf8427e
    SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
    SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
    SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e